Auto-Update: 2024-11-10T15:00:19.501519+00:00

cad-safe-bot 2024-11-10 15:03:21 +00:00
parent 27908ec250
commit c51db320cb
4 changed files with 145 additions and 6 deletions

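--- a/CVE-2024/CVE-2024-102xx/CVE-2024-10265.json
+++ b/CVE-2024/CVE-2024-102xx/CVE-2024-10265.json
@@ -0,0 +1,68 @@
+{
+"id": "CVE-2024-10265",
+"sourceIdentifier": "security@wordfence.com",
+"published": "2024-11-10T13:15:03.657",
+"lastModified": "2024-11-10T13:15:03.657",
+"vulnStatus": "Received",
+"cveTags": [],
+"descriptions": [
+{
+"lang": "en",
+"value": "The Form Maker by 10Web \u2013 Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.15.30. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security@wordfence.com",
+"type": "Primary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "REQUIRED",
+"scope": "CHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "LOW",
+"availabilityImpact": "NONE",
+"baseScore": 6.1,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 2.8,
+"impactScore": 2.7
+}
+]
+},
+"weaknesses": [
+{
+"source": "security@wordfence.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-79"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://plugins.trac.wordpress.org/browser/form-maker/trunk/wd/includes/notices.php#L199",
+"source": "security@wordfence.com"
+},
+{
+"url": "https://plugins.trac.wordpress.org/changeset/3183170/",
+"source": "security@wordfence.com"
+},
+{
+"url": "https://wordpress.org/plugins/form-maker/#developers",
+"source": "security@wordfence.com"
+},
+{
+"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0fb1a2c2-581d-47ed-a180-9f70fdf79066?source=cve",
+"source": "security@wordfence.com"
+}
+]
+}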
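Review bot: Nothing in this record is machine-matchable yet: `"vulnStatus": "Received"` and there is no `configurations` block, so the affected range (all versions up to and including 1.15.30) lives only in the free-text description and CPE-based scanners reading this file will not flag the plugin. Consumers of the feed should treat `Received` entries as unenriched and fall back to the description or the CNA advisory for version matching. The only score present is the CNA's (`security@wordfence.com`, `"type": "Primary"`), not an NVD assessment. The first reference points at `trunk`, which moves, so its `#L199` anchor may stop showing the unescaped `add_query_arg` call once the fix is committed; the changeset URL is the stable pointer. The first three points apply equally to CVE-2024-10958 in the next file section.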

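--- a/CVE-2024/CVE-2024-109xx/CVE-2024-10958.json
+++ b/CVE-2024/CVE-2024-109xx/CVE-2024-10958.json
@@ -0,0 +1,68 @@
+{
+"id": "CVE-2024-10958",
+"sourceIdentifier": "security@wordfence.com",
+"published": "2024-11-10T13:15:03.940",
+"lastModified": "2024-11-10T13:15:03.940",
+"vulnStatus": "Received",
+"cveTags": [],
+"descriptions": [
+{
+"lang": "en",
+"value": "The The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary shortcode execution via getshortcodedrenderedfenodelay AJAX action in all versions up to, and including, 8.8.08.007 . This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security@wordfence.com",
+"type": "Primary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "LOW",
+"availabilityImpact": "LOW",
+"baseScore": 7.3,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 3.4
+}
+]
+},
+"weaknesses": [
+{
+"source": "security@wordfence.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-94"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://plugins.trac.wordpress.org/browser/wp-photo-album-plus/tags/8.8.08.004/wppa-ajax.php#L1238",
+"source": "security@wordfence.com"
+},
+{
+"url": "https://plugins.trac.wordpress.org/changeset/3184852/",
+"source": "security@wordfence.com"
+},
+{
+"url": "https://wordpress.org/plugins/wp-photo-album-plus/#developers",
+"source": "security@wordfence.com"
+},
+{
+"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/53bb0871-343a-4299-9902-682c422152d1?source=cve",
+"source": "security@wordfence.com"
+}
+]
+}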


@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-11-10T13:00:19.736744+00:00
2024-11-10T15:00:19.501519+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-11-10T12:15:19.290000+00:00
2024-11-10T13:15:03.940000+00:00
```
### Last Data Feed Release
@ -33,14 +33,15 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
268940
268942
```
### CVEs added in the last Commit
Recently added CVEs: `1`
Recently added CVEs: `2`
- [CVE-2024-51576](CVE-2024/CVE-2024-515xx/CVE-2024-51576.json) (`2024-11-10T12:15:19.290`)
- [CVE-2024-10265](CVE-2024/CVE-2024-102xx/CVE-2024-10265.json) (`2024-11-10T13:15:03.657`)
- [CVE-2024-10958](CVE-2024/CVE-2024-109xx/CVE-2024-10958.json) (`2024-11-10T13:15:03.940`)
### CVEs modified in the last Commit


@ -242547,6 +242547,7 @@ CVE-2024-10250,0,0,8accb693817c35c7e4f9fa710076ead819720d8653e5052fbeeec31b3a5b4
CVE-2024-1026,0,0,e127bb5d00442b36eed0e6ff6513a3a42c45706876a3a5f2167365447fb898e7,2024-05-17T02:35:11.320000
CVE-2024-10261,0,0,f7de3caa14777c134bde9728a3a9cd2add83d6035ac273a737fc1b44550f614b,2024-11-09T12:15:16.800000
CVE-2024-10263,0,0,d8274159492686a2b3c754959bfc4509f9c9201a502006a3dee5515647626798,2024-11-08T15:59:41.633000
CVE-2024-10265,1,1,9520acce55a80cab4d77f6895522f407ae2ddb0b24fec08ca8c5ef23b1603ab3,2024-11-10T13:15:03.657000
CVE-2024-10266,0,0,c93db2a67de792a64ad3b8f3ae10accf6f21ac600e94cc18aca994ed95268502,2024-10-29T14:34:04.427000
CVE-2024-10269,0,0,52654717b4b93a8e333771abfdcd93e402d393cb11d01db52c12e8f4aa3192bf,2024-11-08T19:01:03.880000
CVE-2024-1027,0,0,7cdd04f65f65ce162dee4b0e860b968e4c1a6b7f21d53e978519c8259363a858,2024-05-17T02:35:11.427000
@ -242911,6 +242912,7 @@ CVE-2024-10946,0,0,53c127b5d01f3eb86df399cdeeb942bf199714aabfb134ba6a8dac66d645a
CVE-2024-10947,0,0,0411e4a4d7c1a87e65d7d83c82156a4ec968e1f848bfec751aba34746b5cca7a,2024-11-08T19:01:03.880000
CVE-2024-1095,0,0,e70da3b629cae08421ac3ff6db71fb525bf872b735f906aa9168a1a3feae7dcb,2024-03-05T13:41:01.900000
CVE-2024-10953,0,0,4cd1b9258875261834531cf76075bd46479dc7cc73ff4dff4728d4228da44f6d,2024-11-09T02:15:17.443000
CVE-2024-10958,1,1,fcf505fa6da08ee90d219e8333a57d378a0c9b002861981bb4bac6c196dbfed9,2024-11-10T13:15:03.940000
CVE-2024-1096,0,0,9e6ec92aa91c226f1dce82b660bd82ecda12366a7db0465d5ab79a9947cb0a51,2024-03-21T02:51:34.720000
CVE-2024-10963,0,0,8af3c09cd468169fcfd76c999c7da3beb49618f550ea24366748836250fa35e0,2024-11-08T19:01:03.880000
CVE-2024-10964,0,0,59c42738567fc9804ec2d61407344d8d58a5472c34e273ef586a2c76a2aefe85,2024-11-08T19:01:03.880000
@ -265053,7 +265055,7 @@ CVE-2024-51567,0,0,9629c1871377d5b3a8fc7e24f37cf5fff8c7d9ecc5af9890fa03e865aa78a
CVE-2024-51568,0,0,ef96c64ab696ce1dd0f4d9f421838b3895b55219506da5bc264e22e1b5e0e5b2,2024-11-01T12:57:03.417000
CVE-2024-5157,0,0,24d31b037c5fbef35f77d9be746cd537f78e6f1e98b9c21955d97a62fe59949f,2024-07-03T02:08:34.407000
CVE-2024-51570,0,0,039ecc17621b1db181f9096c9a875f2b9973a9cc57be3840bb82f92f55e97e7f,2024-11-09T09:15:03.520000
CVE-2024-51576,1,1,a401de41abd8574bb548a71c8fd11720ef3b4ee5f5fd82fc244607328ff684a3,2024-11-10T12:15:19.290000
CVE-2024-51576,0,0,a401de41abd8574bb548a71c8fd11720ef3b4ee5f5fd82fc244607328ff684a3,2024-11-10T12:15:19.290000
CVE-2024-51577,0,0,d0ec203417f086b0461ea98ce73b532fa7574e308c18cd79bf8790574f0a3173,2024-11-10T10:15:04.877000
CVE-2024-51578,0,0,c1360c7172cbee5cc357cca65f2404f3c3f06119fe32e88a6590c342673fc1db,2024-11-10T10:15:05.270000
CVE-2024-51579,0,0,a681396d9384ce7f62ae294a5abe6a50486fb6c3c0f1c9412b7e98748fe5f97d,2024-11-09T09:15:03.903000
